Victor Porton wrote:
There should be multiple MLSes: For example, one MLS for classified documents degrees and yet one MLS for different complexity of software (and qualification of an employee using this software).
MLS is used when there needs to be a hierarchical relationship (i.e., classification) but, in general, SELinux uses type enforcement for integrity and role separation.
For example, various daemons, even running at the same classification, would have different types (httpd_t, mysql_t, etc) and would be restricted to only their necessary access.
_______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
